<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: FMC FastPath vs Trust with logging in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128708#M1113488</link>
    <description>&lt;P&gt;I am a little unclear on the structure of your ACP, screenshots would be good.&lt;/P&gt;
&lt;P&gt;However, placing the DNS rule in the prefilter policy and selecting fastpath (and not enabling logging) should achieve what you are trying to do.&lt;/P&gt;</description>
    <pubDate>Tue, 11 Jun 2024 21:16:40 GMT</pubDate>
    <dc:creator>Marius Gunnerud</dc:creator>
    <dc:date>2024-06-11T21:16:40Z</dc:date>
    <item>
      <title>FMC FastPath vs Trust with logging</title>
      <link>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128705#M1113486</link>
      <description>&lt;P&gt;Hello,&lt;BR /&gt;I'm trying to figure out a way to suppress logging to the FMC console for DNS_over_TCP &amp;amp; DNS_over_UDP from Umbrella VAs to the Umbrella public DNS servers. That traffic is cluttering the console. It is trusted and secure. I don't really want to send this through the inspections or SI. Initially I thought FastPath would do it, but traffic still exits the ACP policy for Internet_Allowed and gets logged. I tried adding an Allow rule for this traffic just above the Internet_Allowed rule with no inspection or logging, but traffic is still exiting the Internet_Allowed ACP rule. Next, I tried a Packet Tracer to see which rules are getting hit, but I seem to be unable to simulate DNS_over_TCP or DNS_over_UDP. Those port options don't exist. I'm running 7.2x&lt;/P&gt;&lt;P&gt;Any thoughts? David&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jun 2024 20:51:32 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128705#M1113486</guid>
      <dc:creator>davparker</dc:creator>
      <dc:date>2024-06-11T20:51:32Z</dc:date>
    </item>
    <item>
      <title>Re: FMC FastPath vs Trust with logging</title>
      <link>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128708#M1113488</link>
      <description>&lt;P&gt;I am a little unclear on the structure of your ACP, screenshots would be good.&lt;/P&gt;
&lt;P&gt;However, placing the DNS rule in the prefilter policy and selecting fastpath (and not enabling logging) should achieve what you are trying to do.&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jun 2024 21:16:40 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128708#M1113488</guid>
      <dc:creator>Marius Gunnerud</dc:creator>
      <dc:date>2024-06-11T21:16:40Z</dc:date>
    </item>
    <item>
      <title>Re: FMC FastPath vs Trust with logging</title>
      <link>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128713#M1113490</link>
      <description>&lt;P&gt;So, in the Prefilter Policy, instead of specifying ports DNS_over_TCP and UDP_over_TCP I specified tcp/443 &amp;amp; udp/443 for traffic between the Umbrella VAs and the Umbrella Public Servers. I guess I made an assumption that the predefined ports were for DNScrypt. Must not be the case...&lt;/P&gt;&lt;P&gt;Thanks - David&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jun 2024 21:38:20 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/fmc-fastpath-vs-trust-with-logging/m-p/5128713#M1113490</guid>
      <dc:creator>davparker</dc:creator>
      <dc:date>2024-06-11T21:38:20Z</dc:date>
    </item>
  </channel>
</rss>

